Governance First: Why Agentic AI Will Either Transform Health Systems or Cement Their Failures

Agentic AI can improve health systems only if organisations redesign processes instead of simply automating existing inefficiencies. Governance must come first, with clear accountability, continuous oversight and strong foundations for privacy, cybersecurity and compliance. In Europe, the EHDS and related regulation make that shift an urgent operational requirement rather than a future ambition.

Key Points

• Agentic AI needs governance before large-scale deployment.
• Automation without redesign makes flawed processes faster, not better.
• EHDS makes data governance, privacy and compliance an operational duty.
• Continuous oversight matters more than periodic committee review.
• Security, accountability and bias controls must be built into system design.

The Trap of Comfortable Acceleration

The personal computer was once heralded as revolutionary. Yet organisations did not change when the PC entered the workplace. Paper became digital files. Filing cabinets became shared drives. Memos became emails. But the organisation logic: approval chains, reporting cycles, hierarchies and incentives remained intact.

We worked faster. We did not work differently. We did not work more efficiently.

The same is true of the internet and smartphones. Each compress time and distance. Each simplify access to information. But neither forced a structural reconsideration of how organisations make decisions or allocate responsibility. Organisational governance architectures, private and public, remained recognisably industrial.

AI presents a different kind of challenge. It intervenes in cognition itself. It alters how decisions are informed, predicted, optimised, taken and, increasingly, executed.

And yet, once again, we risk responding with surface adaptation rather than structural reinvention. Without explicit governance decisions challenging existing workflows, approval thresholds and accountability structures, health systems will automate dysfunctional processes and report efficiency gains without improving clinical capacity.

In healthcare, the cost of repetition will be measured in lives and fiscal sustainability, not merely missed opportunity.

A Deloitte survey of 100 health technology executives from late 2025 found that long-standing AI adoption barriers, talent constraints, resistance to change and leadership buy-in, are beginning to ease, with 40% of leaders reporting that technical talent limitations are no longer a major challenge. The conditions for large-scale deployment are arriving. The governance architecture required to make that deployment transformative rather than merely accelerative is still absent (Deloitte Center for Health Solutions 2026).

Without bold governance decisions, decisions that examine foundational organisational assumptions rather than merely layer AI onto inherited processes, health systems will automate their dysfunctions and call it progress.

A Structural Fiscal Constraint, Not an Administrative Inefficiency

Before examining solutions, the scale of the structural problem demands acknowledgement. Global health spending reached $9.8 trillion (€8.37 trillion) in 2022, 9.9% of global GDP, and marked the first real-term decline since 2000. The disparity between rich and poor systems: average per capita health spending in high-income countries stands at $3,731 (€3,186), compared to $540 (€461) in upper-middle income, $132 (€113) in lower-middle income and $43 (€37) in low-income countries, a ratio of 87 to 1. In 2024, combined government and donor health spending averaged just €14.5 ($17) per capita in low-income countries, less than one-third of the $60 (€51.2) minimum needed for a basic package of essential services. By 2022, at least 48 low- and middle-income governments were paying more to service external debt than they spent on healthcare (WHO 2024; World Bank Group 2025; Human Rights Watch 2025).

This is the context into which AI is being introduced. The fiscal argument for redesign is not about efficiency gains in wealthy systems. It is about whether under-resourced health systems can redirect scarce resources from administrative overhead to clinical capacity. The basic question is global: how much of public health spending is consumed by processes that add no clinical value?

What Waste Actually Looks Like

The critical insight is that these waste categories are not primarily technological failures. They are process design failures sustained by governance decisions that were rational in the past but persist beyond their original purpose.

Six waste categories have been identified, each with a known AI-addressable solution, but only if leaders interrogate the underlying process before reaching for the automation toolbox.

• Administrative complexity: billing, prior authorisation, credentialing, quality reporting. In the United States, the most granular benchmark available internationally, estimated waste from billing complexity alone amounts to approximately $68,000 (€58,000) per physician per year. Total U.S. healthcare administrative spending approaches $1 trillion (€854 billion) annually.
• Failure of care coordination: duplicate diagnostics, conflicting prescriptions and fragmented pathways generate avoidable readmissions and preventable deterioration.
• Overtreatment and low-value care: procedures ordered from habit or poor decision support rather than evidence.
• Pricing failure: inconsistent pricing for identical procedures across fragmented payer environments.
• Fraud and abuse: estimated at over $60 billion (€51 billion) annually in the United States alone, largely detectable through pattern-recognition infrastructure that underpins agentic AI.
• Failure of care delivery: preventable harm from medication errors, hospital-acquired infections and diagnostic delays, all addressable through real-time monitoring.

Agentic AI: A Taxonomy for Decision-Makers

‘AI’ as term covers a range of capabilities so broad that it has become nearly useless as a planning concept. The distinctions between types of agentic AI carry fundamentally different accountability, security and organisational design implications.

Conventional AI delivers outputs humans act upon: a risk score, a diagnostic flag, an image classification. Generative AI drafts content on request. Neither, deployed without structural change, is transformative. Agentic AI operates with goal-directed autonomy. It decomposes complex objectives, coordinates specialised subsystems, adapts to real-time outcomes and initiates actions across connected systems without requiring human prompts at each step.

The governance implication is straightforward: decision authority is no longer exercised solely by people, but by systems operating within defined boundaries (Hinostroza Fuentes et al. 2025).

Type 1: Specialised Single-Domain Agents

These operate within a defined scope: a scheduling agent managing the full appointment lifecycle, a prior-authorisation agent retrieving clinical data, populating payer-specific forms, submitting requests and monitoring status without manual handoffs, a credentialling agent monitoring expiring licences and proactively updating databases. Governance challenges are containable. Access perimeters are defined, audit trails are tractable, and accountability is clear.

Type 2: Ambient Documentation Agents

Agents that listen to patient-clinician encounters and generate draft clinical notes for physician review. Governance implications centre on consent architecture, data residency, accuracy auditing and the risk of over-reliance if physician review becomes cursory. Evidence of impact is now global: a major NHS-commissioned study found the technology has potential to unlock £834 million (€957 million) a year if rolled out nationally, estimating that automating 50% of documentation could liberate 10 to 15% of total clinician time. A 2025 study using an Australian-developed ambient AI tool found it reduced progress note documentation time from a median of 128 seconds to 27 seconds and discharge summary time from 459 to 114 seconds. Growth rates in ambient documentation markets exceed 45% annually in Brazil, Mexico, UAE and Saudi Arabia, reflecting the same driver in every context: the ratio of administrative time to clinical time is economically unsustainable regardless of health system structure (Balloch et al. 2025; Sharma 2026).

Type 3: Multi-Agent Orchestrator Systems

Networks of specialised agents coordinated by an overarching architecture that synthesises outputs across clinical domains simultaneously. A Multi-Agent Orchestrator, currently piloting at Oxford University Hospitals among others, coordinates agents specialised in imaging, pathology, genomics, clinical notes and medical literature, condensing into minutes a synthesis that would take a senior clinician one and a half to two and a half hours to compile manually. The governance challenge scales with capability: a multi-agent orchestrator initiating actions simultaneously across clinical, administrative and financial systems introduces accountability questions that no governance model designed for periodic human review was built to answer.

Two workforce realities shape all three types. Technical talent remains structurally scarce. This constraint cannot be solved through recruitment alone; it requires redesigning workflows so scarce expertise is applied to high-risk decisions rather than routine system maintenance.

A 2025 Deloitte survey found that 60% of leaders still consider technical talent a significant challenge. A health system that cannot audit its AI systems, investigate anomalies or update models as clinical evidence evolves is not ready for agentic deployment regardless of vendor assurances. Separately, the WHO projects a global clinical workforce shortfall of 10 million health workers by 2030. Agentic AI will not resolve this, but it can partially offset the functional impact by restoring administrative hours to clinical use, since physicians globally spend more than half their workday documenting rather than treating patients. The governance investment and the technical workforce investment are inseparable; the clinical workforce argument is a reason to act, not a reason to rush (Deloitte Center for Health Solutions 2026; Bienefeld et al. 2025; You et al. 2025; Shrank et al. 2025).

In many middle-income and rapidly urbanising systems across Southeast Asia, Latin America and Sub-Saharan Africa, the limiting factor is not technology availability but workforce capacity. In these environments, process redesign determines whether new tools expand access to care or increase administrative workload.

The EHDS Defines Health Data Operations

The European Health Data Space, EHDS Regulation (EU) 2025/327, in force since 26 March 2025, matters globally. Any organisation handling EU citizens’ health data, whether a hospital operating under European group ownership, a research institution on EU-funded trials or an EHR vendor whose platform is licensed to European providers, falls within scope. Because the EHDS is designed as a template for future sectoral data spaces, its governance requirements are signals that health system leaders beyond Europe should understand now, before their own regulatory environments reflect it.

The EHDS Is Not a Single Regulation. It Is a Compliance Stack.

EHDS overlays every existing EU data protection, product and cybersecurity regulation rather than replacing any of them. For operational leaders, this means compliance becomes a system design requirement, not a legal review step. Organisation deploying AI against EHDS-governed health data, must read the compliance position simultaneously across the General Data Protection Regulation (GDPR), the EU AI Act, the NIS2 Directive, the Cyber Resilience Act, the Medical Devices Regulation and the Data Governance Act. Where an EHR system incorporates AI functionality and is also a medical device, EHDS, AI Act and MDR all apply cumulatively, a position confirmed in the Commission's own FAQs (Moreno 2026; Regulation (EU) 2025/327).

The cumulative penalty exposure is real. EHDS penalties reach up to 20 million euros or 4% of global annual turnover. AI Act penalties for high-risk AI violations reach up to 35 million euros or 7% of global annual turnover. NIS2 penalties for essential healthcare entities reach up to 10 million euros or 2% of global turnover, with personal liability for senior management. These are not alternative penalties. They can apply simultaneously to the same incident.

Cybersecurity: The Attack Surface EHDS Is Actively Expanding

Healthcare is already the most-attacked sector in critical infrastructure. There were 324 health-sector cyber incidents reported to EU authorities in 2023, more than any other critical sector. The EHDS significantly worsens the threat landscape by design: it requires EHR systems to expose standardised FHIR and HL7 APIs to allow external systems to retrieve and process patient data. Once a hospital connects to the EHDS ecosystem, its digital perimeter is no longer limited to its own network.

A Black Book survey of 352 hospital IT leaders in Germany, France and Italy, March to August 2025, found that 74% of hospitals had experienced at least one serious cyberattack attempt in the preceding 12 months. The most common entry points were compromised credentials and attacks on the Fast HealthCare Interoperability Resources (FHIR) and HL7 APIs used for data exchange. 83% identified interoperability vendors and middleware as their most exploitable layer. The EHDS does not create a new type of vulnerability. It scales an existing one across the entire EU health system simultaneously (Black Book Research 2025).

Privacy Architecture: From Procedural to Structural

Most health organisations treat privacy as a procedural obligation: publish a notice, obtain consent, complete a data protection impact assessment, record the processing. The EHDS makes this inadequate. Privacy must be built into the technical design of every data flow, enforced at the transaction level and auditable in real time, because procedural privacy can be satisfied after the fact while architectural privacy must exist before the first data access occurs.

Every EHR system operating within the EHDS must incorporate a mandatory logging component recording who accesses which patient data, when and under what authorisation, conforming to EU technical specifications. There is no provision for aggregating logs from non-compliant systems. A blanket organisational consent for ‘AI use of patient data’ does not satisfy the EHDS requirement: each data access event must be authorised by a valid legal basis satisfying both GDPR and EHDS sectoral conditions simultaneously (Regulation (EU) 2025/327, Articles 7–12, 34; GDPR, Articles 6, 9).

Data holders must provide an annual catalogue of all in-scope electronic health data to their national health data access body. Electronic health data is defined broadly to include medical imaging, laboratory results, prescriptions, genomic data, wellness app data and data from medical devices, much of it generated before the EHDS entered into force. Organisations that have not yet conducted a data mapping exercise across all systems and data types are already behind. 

June 2025 was the deadline for each EU Member State to have established a National Digital Health Authority. The question for health organisations is whether their national authority is operational and whether their own internal governance function can match it with a standing operational function, not a one-time project (Regulation (EU) 2025/327, Articles 19–23, 33; Kaminaris 2025).

ENISA's June 2025 NIS2 guidance states explicitly that compliance requires cross-functional teams: CISO for cybersecurity architecture, DPO for GDPR and EHDS privacy, CMIO for AI Act conformity and EHR certification, and legal and compliance for data access permits and penalty exposure. In most health organisations these functions operate in separate silos. The EHDS makes their integration a compliance requirement, not a management preference. Further, the EHDS does not recognise geographic distance as a compliance defence (ENISA 2025a). 

Redesigning or Automating?

The distinction between automation and redesign is operational. It determines whether an organisation reduces cost per task or releases measurable clinical capacity. Most health system AI investments today are purchasing the first while believing they are pursuing the second. The gap between those two is where transformation goes to die.

Failure Modes

Failure Mode 1: The Automated Dysfunction

Prior authorisation is the canonical example. An agentic AI can automate every step: retrieving clinical data, identifying payer-specific criteria, populating forms, submitting, monitoring and escalating denials, without any manual involvement in routine steps. The automation case is strong. The redesign question is different: should this process exist in its current form? In many systems, prior authorisation criteria are artefacts of billing architecture negotiated over decades with no reference to patient outcomes. In countries with integrated payer-provider structures, the equivalent friction takes different forms but reflects the same structural legacy: processes designed for information scarcity persisting into an era of information abundance. Automating a dysfunctional process does not make it rational. It makes it faster, cheaper and harder to change.

Failure Mode 2: The Governance Simulation

84% of healthcare organisations surveyed by CHIME in December 2025 have established an AI Governance Committee. That is mobilisation, not governance. A committee reviewing system behaviour quarterly is performing retrospective oversight. Agentic systems require continuous supervision, automated monitoring, escalation triggers and defined authority to intervene. The same survey found that only 10% of healthcare organisations use automated monitoring to detect AI capabilities; the majority rely on informal ad hoc discovery or vendor release notes. This means that in 90% of health systems with active governance committees, the committee does not know what AI is actually doing in the organisation at any given moment (Censinet 2025).

The Change Healthcare cyberattack of 2024, in which a breach of a single claims-processing intermediary disrupted healthcare payments for weeks and cost an estimated $874 million (€746 million) in revenue losses, demonstrated what happens when interconnection risk is not governed in real time. In a multi-agent system, the blast radius of a compromise scales with the agent's access perimeter. A governance committee reviewing this quarterly is not a safeguard.

Failure Mode 3: The Pilot Permanence

Research published in the New England Journal of Medicine in January 2026 found that while 60% of surveyed healthcare executives believe agentic AI will meaningfully improve the provider-patient experience, only 3% have deployed agents in live workflows. Many organisations have normalised the pilot phase, allowing experimentation to continue without committing to workflow change. A pilot provides evidence. Only structural commitment to redesign provides transformation (Durlach et al. 2025; Microsoft 2026).

A Transition Framework

Three diagnostic questions can shift organisations from automating its past to designing its future. These questions are operational tests that should be applied to specific workflows, approvals and data flows.  

Where in the loop does human judgment actually matter? The human must remain in the loop. The question is where. In one direction, humans are removed from consequential decisions through negligence: a governance committee reviewing AI performance quarterly is not supervising a system making thousands of decisions per day. In the other direction, humans are inserted through inertia: a deteriorating sepsis marker requiring sign-off from three approval layers before an intervention can be initiated is not a safety feature but an inheritance from a slower information environment. That latency costs lives. The distinction that matters is between decisions requiring human legitimacy, moral weight, contextual judgment irreducible to data and decisions requiring human involvement merely because humans were the only available processors. The first category demands human decision-makers. The second is a candidate for agentic execution with human oversight.

What percentage of governance is retrospective? If a board spends the majority of its clinical governance time reviewing last quarter's incident reports, its oversight model was designed for an era when that was the only data available. Real-time AI anomaly detection and continuous quality monitoring make a different question possible: not ‘What went wrong?’ but ‘What is our current confidence in the integrity of the decision systems operating right now?’ Boards that have not updated their governance model for this reality are not governing AI-augmented systems. They are governing the historical record of AI-augmented systems.

If this organisation were founded today, which processes would we design? This diagnostic reveal which processes serve a current clinical or legal function and which exist because no one has had the authority to examine them. Automating routine administrative functions is economically necessary. But the economic necessity of automation does not resolve the prior question of which processes should be automated and which should be eliminated. That question requires deliberate architectural choice made before the automation investment, not after.

Security, Privacy and Ethics: Architecture, Not Afterthought

As agentic systems acquire the ability to initiate actions, the security surface of a health institution expands in ways traditional cybersecurity governance was not designed to address. Agentic systems can autonomously initiate actions, access new data sources and interact across multiple platforms. Without tight governance, this autonomy creates attack surfaces exploitable for rapid data exfiltration, AI-generated phishing and automated exploitation of system vulnerabilities.

Safe agentic deployment requires governance by design: defined access controls, automated logging and real-time monitoring thresholds embedded in the system architecture. Healthcare organisations should require vendors to publish training data provenance, bias audit results and accuracy validation across relevant patient populations before any production deployment.

The risk of agent sprawl and shadow AI, autonomous agents deployed by clinical departments or individual practitioners outside any formal governance inventory, is not merely a technology scaling issue. It is an ethical governance problem. The CHIME survey found that 90% of organisations with AI governance committees lack automated monitoring to detect AI capabilities. Shadow agents operating without validated training data, bias audits, AI Act conformity assessments, or decommissioning protocols represent an undetected patient safety risk and an unmanaged regulatory liability. The operational response is not prohibition, which merely drives adoption underground, but governance by supply: an internal AI catalogue with a fast-track validation pathway so the sanctioned route is faster than the unsanctioned one (Censinet 2025; Prakash et al. 2026).

Algorithmic bias in clinical decision support can systematically disadvantage already-marginalised patient populations, particularly where training data reflects historical inequities in care delivery. Deploying a diagnostic AI trained on one population to support clinical decisions in another without local validation is not a technical risk. It is an ethical failure with patient safety consequences. Governance frameworks must include mechanisms for ongoing bias audit, explainability requirements for high-stakes decisions and clear accountability chains when AI-generated outputs influence clinical or administrative outcomes (Hinostroza Fuentes et al. 2025).

Conclusion: Alignment Is a Decision

The history of digital transformation in health systems is, in large part, a history of capability arriving faster than governance. Electronic health records were deployed before interoperability standards were agreed. Telehealth expanded faster than reimbursement frameworks could accommodate. In each wave, the technology arrived. The reinvention did not follow.

Agentic AI is the most powerful tool yet to enter this sector. It can compress the distance between data and clinical decision, reclaim clinician time from administrative burden globally, identify redundant processes and redirect fiscal resources from administration toward care by amounts that could materially transform the clinical capacity of even the most constrained health systems.

4.5 billion people worldwide currently lack access to basic health services, and 2 billion face financial hardship due to health costs. In this environment, administrative waste is a moral problem. Every dollar consumed by a redundant approval layer, a fragmented billing system, or a documentation requirement that exists for legal rather than clinical reasons is a dollar not available to extend care to someone who currently has none (WHO 2024).

The gap between belief and deployment is a governance gap. Closing it requires leaders willing to ask not only where AI can be deployed, but whether the processes it would be deployed within are designed for a world in which intelligence is continuous, data is real-time, and administrative distance is a cost, not a protection.

Conflict of interest

None.